Related topics

Microsoft: Silverlight youth beats Flash experience

Outta your sandbox

Common Topics

It sounds like Microsoft is getting the same treatment from Apple as Adobe Systems when it comes to putting its media player on the iPad and iPhone.

It's been put on hold.

Regardless of whether Silverlight makes it on to either, Microsoft still feels pretty good about how it stacks up against Flash in security - an area where Apple chief executive Steve Jobs recently unloaded on Flash.

There's no Flash on the iPhone, Jobs said, because Flash is riddled with bugs. "Whenever a Mac crashes more often than not it's because of Flash," Jobs said. Adobe's chief technology officer Kevin Lynch fired back: "We don't ship Flash with any known crash bugs."

In an interview ahead of next Tuesday’s release of the latest installment in the Silverlight story, Silverlight 4, corporate vice president for the .Net developer platform Scott Guthrie told The Reg that security and performance for the player are "super critical" to Microsoft.

The stakes are certainly higher with this version of Silverlight than previous editions.

Silverlight 3 ran applications from the safety of a sand-boxed environment, to protect your PC from potentially malicious code that might be hidden inside that video of the cat playing chopsticks you just downloaded from YouTube and started watching during your lunch break.

But version 4 lets you chose to run applications outside the sandbox as it taps into your computer in a way that would embarrass its predecessors.

Video in Silverlight 4 will integrate with the media hardware on your PC, like the processor and any camcorders - should the application using Silverlight need to use a video, that is. Silverlight 4 adds new APIs that let you re-size and re-position video or other content using Silverlight outside the browser and on the desktop. Applications can be integrated with the task bar at the bottom of your Windows-7 screen or the doc on Apple's OS X. Applications written in Silverlight 4 can also access the PC's clipboard.

Applications in Silverlight 4 can read and write to the file system if the application is supported. And you can customize the chrome and host HTML - handy for running video build in HTML 5 but also potentially handy for cross-site scripting or SQL-injection attacks.

Guthrie said security is something Microsoft worries about every day but noted Silverlight has enjoyed a very good reputation since version 1.0 in 2007. He attributed that to youth.

Silverlight has been built in an era when its been possible to take advantage of the best practices that have evolved as the result of the last decade's word of attacks. Technologies like Flash, which hails from the mid 1990s, predate this and contain layer upon layer of legacy code and fixes to cope with first the PC and then the rise of the web.

"Any code written in the last five years tends to be more secure than the code written 10 years ago - that's true for us and others," Guthrie said. "Silverlight, because it's been written over the last two to three years, is able to incorporate the best practices we've learned. We feel pretty good about Silverlight's security."

Interestingly, during the recent Pwn2Own hacker contest at CanSecWest, Google's Chrome was the only browser not to succumb to attacks from hackers that felled Internet Explorer, Mozilla's Firefox, and Apple's Safari. All these pre-date the two to three year window while Chrome is Silverlight's peer, having been first released in 2008.

Overall, Guthrie said he felt Silverlight 4 positions Microsoft well against Adobe's Flash-based AIR for RIAs. Like Silverlight, AIR breaks down the barrier between downloaded applications and their access to the local hardware and data on your PC.

In many ways, Silverlight 4 closes the gap on Flash and AIR on a features perspective with simple additions like the ability to print from Silverlight and the addition of support for rich text, bi-directional, and RTL text.

Guthrie repeated the latest market-share numbers Microsoft has claimed show Silverlight's growing uptake is closing in on Flash's ubiquity - Adobe claims Flash runs on more than 90 per cent of PCs.

He claimed Microsoft's data shows 60 per cent of all devices on the internet now run Silverlight - up from 45 per cent when in November 2009 when Microsoft released the Silverlight 4 beta. Guthrie cites major events like the Vancouver Winter Olympics, the March Madness basketball frenzy in the US, and Victoria's Secret fashion show have all been broadcast online using the Silverlight player have helped drive uptake as viewers had to downloaded the player.

Guthrie claimed this gives Silverlight RIAs and edge over AIR, because you don't need to download a separate Microsoft RIA runtime. You get the RIA as part of Silverlight. AIR, though, needs to be downloaded separately to Flash, so while Flash is ubiquitous AIR's still striving for penetration. He claimed Silverlight is installed on "three times" as many machines as AIR, making the Silverlight RIA option more attractive to developers looking for an existing market to target.

"While Flash is installed on lots of machines, AIR is not...so the day we ship next week our out-of-browser support will be installed on far more machines than AIR," Guthrie said.

That's a maybe, but there's still one device they all want to be on and that won't be running Silverlight, Flash, or AIR anytime soon. ®